
Serious flaw on OS X

December 4, 2008 in Security by Vincent King

Published: 2006-02-21, Last Updated: 2006-02-21 22:15:27 UTC - by Kyle Haugsness (Version: 3)

… a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visiting a web site – no user interaction required.” This could be really bad. Attackers can run shell scripts on your computer remotely when you merely visit a malicious website.

Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html

The problem is due to a feature that is activated by default: Open Safe Files after downloading. Zip files are considered safe, so they are opened automatically. Subsequently, a shell script with no #! at the beginning of the script will be executed automatically. No user interaction!




User Education

November 11, 2008 in Techniques by Vincent King




Social Engineering

November 11, 2008 in Techniques by Vincent King


